Author: sf Date: 2009-11-07 14:49:48 +0000 (Sat, 07 Nov 2009) New Revision: 13231 Modified: data/CVE/list Log: Start a list of ssl implementations for the renegotiation prefix injection vulnerability. I didn''t realize we had that many. Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-11-07 10:24:12 UTC (rev 13230) +++ data/CVE/list 2009-11-07 14:49:48 UTC (rev 13231) @@ -801,8 +801,32 @@ RESERVED CVE-2009-3556 RESERVED -CVE-2009-3555 +CVE-2009-3555 [TLS/SSL renegotiation prefix injection vulnerability] RESERVED + - openssl <unfixed> + - openssl097 <removed> + - gnutls26 <unfixed> + - gnutls13 <removed> + - nss <unfixed> + - xyssl <unfixed> + - polarssl <unfixed> + - matrixssl <unfixed> + - pike7.6 <unfixed> + - classpath <unfixed> + - gcj-4.1 <unfixed> + - gcj-4.2 <unfixed> + - gcj-4.3 <unfixed> + - gcj-4.4 <unfixed> + - zorp <unfixed> + - openjdk-6 <unfixed> + - sun-java5 <removed> + [etch] - sun-java5 <no-dsa> (non-free not supported) + [lenny] - sun-java5 <no-dsa> (non-free not supported) + - sun-java6 <unfixed> + [lenny] - sun-java6 <no-dsa> (non-free not supported) + TODO: check + TODO: I haven''t checked if all the java ssl implementations are actually used. + NOTE: This may need fixes in TLS/SSL using packages, too. CVE-2009-3554 RESERVED CVE-2009-3553